Fediverse

cross-posted from: https://lemm.ee/post/530162

Please report issues with this version either here or at the issue tracker.

Changelog v1.2.0

• Add rewrite support for posts/comments
  
• Try to not rewrite federation links

---

Description

Lemmy Universal Link Switcher, or LULs for short, scans all links on all websites, and if any link points to a Lemmy instance that is not your main/home instance, it rewrites the link so that it instead points to your main instance. Currently only works for community/user links.

Features

• Rewrite links to Lemmy posts/comments to point to your home instance. Only after hovering over them, because getting home posts/comments links require communicating with the Lemmy servers, and we don't want to spam the servers.
  

• Instantly rewrite all links of communities or users to Lemmy/kbin on all websites everywhere to your new instance! The rewritten links will have an icon next to it, and hovering/touching the icon will show you the original link, allowing you to go there if you want to.
  

• If you are already on a page that has a corresponding page on your home instance, a link will automatically be added to the page header.
  

Home Instance Setup

Simply visit the Lemmy instance you want to set as your home while the script is active. You will be asked if you want to set this instance to your home instance:

If you initially set your home instance wrong or just want to change it, no worries - simply go to your settings on your new home instance and press the button for it!

Coming soon

• Rewrite kbin post/comment links
• Better rewriting support for kbin community/user urls (e.g. sort options are currently ignored)
• Nicer tooltip styling (fit into page theme)
• Signify that "Show at home" button is loading for posts/comments

This list on codeberg is one of the best I've seen.

Was looking at https://fedidb.org/current-events/threadiverse and it's not showing millions of total users anymore.

https://www.youtube.com/watch?v=hADMCQLPFb4

A detailed look at the timeline behind Meta's interactions with the Fediverse, how different parts of the network have reacted, and some insights on where things might be going.

Thought this might be an interesting read for some.

I've always thought of the StackExchange network as kind of a strange beast. In one sense, it is basically a Reddit clone. It has a "front page", it has "karma", it has "subreddits", etc. And yet, it is something else entirely. Through strict moderation and constraining site rules, it has always maintained a separate niche from Reddit, despite being so conceptually similar.

I think there is a real possibility that StackExchange network is basically already compliant with the "threadiverse" protocol (ie the Lemmy/Kbin dialect of activitypub), or rather that the data model of their API could be made to be compliant with almost no effort at all. I think it would be really cool to see some of the questions and discussion threads that get created over there appearing over here. Even if it was a one-way connection, the idea of knitting these networks together is fascinating to me. I have no idea if it would make business sense for them, but then again I don't actually know how StackExchange makes most of their money.

Hi guys, I'm changing my phone to one with less resources. Part a detox era, kind off. My question is, how convenient is to keep using fedilab and husky as main apps in a less powerful phone. Is that right? Is more convenient to go directly at main pages?

cross-posted from: https://lemmy.ninja/post/30492

Summary

We started a Lemmy instance on June 13 during the Reddit blackout. While we were configuring the site, we accumulated a few thousand bot accounts, leading some sites to defederate with us. Read on to see how we cleaned up the mess.

Introduction

Like many of you, we came to Lemmy during the Great Reddit Blackout. @MrEUser started Lemmy.ninja on the 13th, and the rest of us on the site got to work populating some initial rules and content, learning how Lemmy worked, and finding workarounds for bugs and issues in the software. Unfortunately for us, one of the challenges to getting the site up turned out to be getting the email validation to work. So, assuming we were small and beneath notice, we opened our registration for a few days until we could figure out if the problems we were experiencing were configuration related or software bugs.

In that brief time, we were discovered by malicious actors and hundreds of new bot users were being created on the site. Of course we had no idea, since Lemmy provides no user management features. We couldn't see them, and the bots didn't participate in any of our local content.

Discovering the Bots

Within a couple of days, we discovered some third-party tools that gave us the only insights we had into our user base. Lemmy Explorer and The Federation were showing us that a huge number of users had registered. It took a while, but we eventually tracked down a post that described how to output a list of users from our Lemmy database. Sure enough, there were thousands of users there. It took some investigation, but we were eventually able to see which users were actually registered at lemmy.ninja. There were thousands, just like the third-party tools told us.

Meanwhile...

While we were figuring this out, others in Lemmy had noticed a coordinated bot attack, and some were rightly taking steps to cordon off the sites with bots as they began to interact with federated content. Unfortunately for us, this news never made it to us because our site was still young, and young Lemmy servers don't automatically download all federated content right away. (In fact, despite daily efforts to connect lemmy.ninja to as many communities as possible, I didn't even learn about the lemm.ee mitigation efforts until today.)

We know now that the bots began to interact with other Mastodon and Lemmy instances at some point, because we learned (again, today) that we had been blocked by a few of them. (Again, this required third-party tools to even discover.) At the time, we were completely unaware of the attack, that we had been blocked, or that the bots were doing anything at all.

Cleaning Up

The moment we learned that the bots were in our database, we set out to eliminate them. The first step, of course, was to enable a captcha and activate email validation so that no new bots could sign up. [Note: The captcha feature was eliminated in Lemmy 0.18.0.] Then we had to delete the bot users.

Next we made a backup. Always make a backup! After that, we asked the database to output all the users so we could manually review the data. After logging into the database docker container, we executed the following command:

select
  p.name,
  p.display_name,
  a.person_id,
  a.email,
  a.email_verified,
  a.accepted_application
from
  local_user a,
  person p
where
  a.person_id = p.id;

That showed us that yes, every user after #8 or so was indeed a bot.

Next, we composed a SQL statement to wipe all the bots.

BEGIN;
CREATE TEMP TABLE temp_ids AS
SELECT person_id FROM local_user WHERE person_id > 85347;
DELETE FROM local_user WHERE person_id IN (SELECT person_id FROM temp_ids);
DELETE FROM person WHERE id IN (SELECT person_id FROM temp_ids);
DROP TABLE temp_ids;
COMMIT;

And to finalize the change:

UPDATE site_aggregates SET users = (SELECT count(*) FROM local_user) WHERE site_id = 1;

If you read the code, you'll see that we deleted records whose person_id was > 85347. That's the approach that worked for us. But you could just as easily delete all users who haven't passed email verification, for example. If that's the approach you want to use, try this SQL statement:

BEGIN;
CREATE TEMP TABLE temp_ids AS
SELECT person_id FROM local_user WHERE email_verified = 'f';
DELETE FROM local_user WHERE person_id IN (SELECT person_id FROM temp_ids);
DELETE FROM person WHERE id IN (SELECT person_id FROM temp_ids);
DROP TABLE temp_ids;
COMMIT;

And to finalize the change:

UPDATE site_aggregates SET users = (SELECT count(*) FROM local_user) WHERE site_id = 1;

Even more aggressive mods could put these commands into a nightly cron job, wiping accounts every day if they don't finish their registration process. We chose not to do that (yet). Our user count has remained stable with email verification on.

After that, the bots were gone. Third party tools reflected the change in about 12 hours. We did some testing to make sure we hadn't destroyed the site, but found that everything worked flawlessly.

Wrapping Up

We chose to write this up for the rest of the new Lemmy administrators out there who may unwittingly be hosts of bots. Hopefully having all of the details in one place will help speed their discovery and elimination. Feel free to ask questions, but understand that we aren't experts. Hopefully other, more knowledgeable people can respond to your questions in the comments here.

I think there are good reasons to not let corporate interests join the space we built to escape them, but I guess every instance is free to (de)federate with whomever they want.

So let's say my instance (mander.xyz) defederates from Meta but another Lemmy instance that meander.xyz federates with (let's say "misguided.ml") does not. What happens when someone from Meta comments on a post from misguided.ml and others from misguided.ml comment on that comment? Will I see the comments on the meta comment, but not the original meta comment itself? Or will I not see the entire thread?

Someone’s started a Python wrapper around the lemmy API

https://github.com/db0/pythorhead (@db0)

Could make writing bots and other tools easier and quicker.

@fediverse @fediversenews

A post on kbinMeta states that "Lemmy.ml is blocking all inbound ActivityPub requests from /kbin instances." More details here, but the theory is that -- rather than defederating -- lemmy.ml returns a 403 'access denied' message in response to any inbound requests from a user agent with "kbinBot" in the string. Upvotes, comments, and boosts don't seem to be going through. However, it appears that lemmy.ml still federates information outbound to kbin instances.

I'm wondering if anyone here knows what is going on and why it might be happening? Federation between Lemmy instances and Kbin instances seems to be a selling point for both, so I'm sure others using both services are curious as to what's going on.

Hey I just created awesome-lemmy based on the well-known awesome lists.

There is already a awesome-lemmy-instances which is specialized in Lemmy instances but no general list that's why I created a new list.

It's forked from awesome-scala which has a very neat python script to easily add new projects so it should be quite easy to contribute, feel free to add tools, apps and websites linked to lemmy!

Hello everyone.
I am relatively new here on Lemmy, and the Fediverse, and there is still a lot I am trying to learn.
I think I understand the general theory of how the different instances and communities work here on Lemmy, but I'm struggling to understand how the different federated software interacts with each other.
For example, I understand that it is possible to follow a community, commenting on its posts, or a user subscribed to Lemmy even from Mastodon. Similarly, it is possible to follow an author on Write.as, again through Mastodon.
What I wanted to understand is what software in the Fediverse interacts with each other, how, and how do you get them to interact.
I hope someone can help me better understand how things work, as I find the idea of the Fediverse absolutely fascinating, a real breath of fresh air in the modern Internet landscape.

#lemmy is starting to reverse the spam account problem. See users graph here https://fedidb.org/current-events/threadiverse

From what I’ve gathered, many of these accounts never actually materialised as they never went through email verification. How many I’m not sure. Nor did any spam problem eventuate (yet?). Either way, it seems the targeted instances are getting on top of the problem.

@fediverse
@fediversenews

Even just looking through the list of communities I can already see two separate "Fediverse" communities on different servers. I'm assuming the posts aren't shared. How do we keep related discussion as central as possible? Just hope one wins and everyone posts there or is there a technical solution?

For Communick, I will be using reddit as part of the approval of new registration requests. What do you think of this policy?

Last Week in the Fediverse - ep 24

The main subject of the week is the conversation around Meta joining the #fediverse. To make sense of it all, I created a timeline of the major events, as well as sort out the different types of discourse people are having into different subjects.

In other news:
- over 15 threadiverse apps in development
- a research symposium on Mastodon
- fediverse magazine WeDistribute is back

@fediverse @fediversenews

Read it at: fediversereport.com/the-roundu

I recently came across a torrent that seems to be an archive of Reddit. It got me thinking if it would be possible to make it locally browsable. However, I also considered the possibility that someone might have already addressed this by creating a public Lemmy instance, enabling the content to be accessible from any federated instance.

Can we all stop the in-fighting for a minute and realise how awesome the platform we are on is?

We are forming communities on the realized image of the internet that we were told we would have back in the 80s and 90s.

You can make your own home on the web and have your own niche community, not owned by any corporation, while still being connected to the wider internet.

This feels like something out of a sci-fi movie.

I feel like Bookwyrm has proven the idea of a federated review platform. Could this be extended to local business reviews?

I vowed long ago to stop contributing to closed platforms such as on Google Maps or Yelp. Could a federated alternative be a good solution?

It would be extremely funny

(just a few thoughts I wanted to write out)

Don't get me wrong, I love the local and federated timelines, but after thinking about it I realized that it's also the cause for a lot of drama.

Email and Xmpp never had such a big problem with cross instance blocks. If you think about it, all federated content is blocked by default and only becomes available if a user searches for it and subscribes to it. Before that, the server has no idea what is out there unless a relay is used. But there's two exceptions... the local timeline and the federated timeline.

These are great to get stuff started and kickstart the following process, but are forcing people to receive content that they might not want to see.

Where previously a block would only be necessary whenever a malicious user messaged me directly, now we have to deal with the need to curate content of public timelines in order to avoid problems with local or remote users.

The instance admins have full right to decide what is hosted on their instance and what not. This is not about free speech because you are not entitled to using someone's server in a way they don't want, but about creating complicated dilemmas and tough moderation choices by forcing together content and users that could be drastically different in beliefs or preferences by using timelines which are understandably very appealing to use.

Maybe all posts should be unlisted by default and both timelines, whether on Lemmy or Mastodon only contain whitelisted user accounts to give your instance's users and remote users a few recommendations.

Don't get me wrong, I love those two timelines and I have a thick enough skin that I can simply ignore or block content I don't like, but as an instance admin both on Mastodon and Lemmy I've noticed that this is not the case. Users are often eager to report anything they don't like to see or disagree with even though they don't follow that community in question or would never have interacted with it. This could cause a lot of moderation overhead as well as drama as it puts users and remote instance admins on alert about X, Y or Z divisive or distasteful content (especially when it comes to NSFW) potentially being sent out to them.

Hey Fediverse,

We've been working on something cool and wanted to share it with you. It's a new project called Lemmy.link, and it's all about making RSS feeds more accessible and useful on Lemmy.

We've noticed there's been a lot of talk in various communities about people shifting back to traditional RSS aggregators like Feedly, TT-RSS, and Newsblur. It got us thinking: why not bring those RSS feeds directly to Lemmy instead?

That's how Lemmy.link came to life. Right now, we have 10 communities collecting from over 30 RSS feeds, covering topics from World News and Technology to Business, plus some popular YouTube communities like News, Technology, and Explainers.

But we're just getting started, and this is where you come in. We'd love your ideas for new communities or RSS feeds to include. There's just one thing - to keep things running smoothly, we're focusing on shared interests and staying away from personal communities with custom feeds.

Also, please note, for now, lemmy.link is closed for signups. You'll need to subscribe from your current Lemmy instance. Once we've incorporated the upcoming 0.18.1 captcha update, we'll take a fresh look at this.

So, take a tour of Lemmy.link and let us know what you think. We believe there's huge potential for this project in the Fediverse and your input is a big part of that. Please provide any feedback on !meta@lemmy.link

Thanks for reading, and we hope you enjoy what we've built so far with Lemmy.link.

-- Notorious